Information Security Policy
Our company is committed to establishing a secure and reliable information environment. Through regulatory compliance, risk management, employee awareness training, and continuous improvement, we protect the confidentiality, integrity, and availability of information assets, reduce information security risks, ensure stable business operations, and safeguard the interests of our customers, employees, and stakeholders.
To ensure the stable operation of information systems, information services, and network infrastructure, reduce risks arising from human error, malicious acts, or natural disasters, prevent unauthorized access, use, control, disclosure, destruction, alteration, deletion, or other forms of compromise, and safeguard the Confidentiality, Integrity, and Availability (CIA) of information assets, the Company has established this Information Security Policy. I.Establish and maintain information security management regulations in compliance with applicable laws and regulations, including the Cyber Security Management Act and its associated regulations, as well as Information Security Control Guidelines for Publicly Listed Companies and other relevant requirements. II.Monitor developments in information security, identify changes in internal and external issues, understand the interactions between stakeholder needs and expectations, analyze risks, formulate response strategies, and implement appropriate measures to minimize impacts on business operations. III.Establish an information security governance framework with clearly defined roles, responsibilities, and authorities to promote security initiatives and fulfill management responsibilities. IV.Implement information security education and training programs to ensure employees understand their information security responsibilities and to strengthen security awareness. V.Conduct periodic inventories of information assets and apply risk assessment mechanisms to effectively manage and control potential impacts. VI.Strengthen physical, environmental, and equipment security controls and perform regular maintenance and servicing to ensure continuous and reliable operation. VII.Establish network communication and data transmission rules to protect sensitive information and personal privacy and prevent unauthorized access and tampering. VIII.Conduct information security audits on a regular basis to identify issues, evaluate security effectiveness, develop corrective actions, and implement improvements. IX.Develop emergency response and business continuity plans and conduct regular exercises and drills to minimize the impact of incidents and ensure rapid recovery of operations. X.Establish information security responsibilities and confidentiality requirements, including the execution of confidentiality agreements, to protect privacy and sensitive information. XI.Obtain cybersecurity threat intelligence, establish monitoring activities, and implement proactive preventive and mitigation measures against emerging threats. XII.Review and evaluate the Information Security Policy periodically to ensure it reflects current information security management practices, legal and regulatory requirements, technological developments, and operational conditions, while maintaining the practicality and effectiveness of information security controls and procedures.